Are Two Better Than One?

By now you've probably heard how Microsoft's .NET series of servers are
going to revolutionize your business on the Internet. At the same time
you may be frightened of the security implications of exposing your production
servers to the throngs of Internet hackers and crackers. A key component
of Microsoft's strategy to secure .NET servers is to buffer your network
from the Internet with Internet Security and Acceleration (ISA) Server,
the much-anticipated upgrade to the beleaguered Proxy Server 2.0. Microsoft
claims that ISA Server will keep the bad guys out of your network, as
long as you configure it correctly. To check whether you're up to the
challenge, the ISA Server exam tests your knowledge of configuring and
deploying ISA Server.

This month I take a look at Coriolis' Exam Prep/Cram books and give you
a real-world perspective on whether they can help you pass or not. I used
the Coriolis books exclusively to prepare for my own ISA exam and you'll
find out how well Exam Prep/Cram prepared me for the real thing.

Exam Prep
If reading long technical manuals is your idea of fun, you'll have no
problem curling up in bed with the 603-page ISA Server Exam Prep
book. It consists of eighteen chapters packed with ISA Server configuration
and implementation details. Although it would help for you to already
have some experience with Proxy Server 2.0, it's not absolutely necessary.
The authors walk you through many of the basics without assuming you're
a firewall or proxy expert.

The book is roughly broken up into three main topic areas-ISA installation/upgrade,
ISA configuration, and ISA deployment and troubleshooting. The chapters
were clear and well-written. Each chapter ends with a technical summary
as well as basic review questions that quiz you on the material just covered.
Finally, the chapter also presents you with a series of "Real-World Projects:"
hands-on exercises designed to get you working with ISA Server. The authors
also did a good job of incorporating numerous hands-on exercises within
the chapters themselves. I eventually found myself skipping the real-world
projects and focusing on the hands-on exercises in the chapters since
they were related to the current concept I was reading. For the hands-on
exercises, I set up an ISA server as the main firewall connecting my home
network via two-way satellite to the Internet. I also set up a second
ISA server as a secondary firewall so I could simulate a Demilitarized
Zone (DMZ).

Exam Prep's technical accuracy is fairly good, with most of my eyebrow-raising
limited to trying to understand some of the cryptic or ambiguous concepts.
For example, the authors mention that when the ISA Server configuration
is backed up, a .bif backup file is created. They failed to mention that
this is the backup configuration for an ISA Server array, while the ISA
Server Enterprise configuration backup file uses a .bef extension. I found
many of the end-of chapter review questions to also be ambiguous but nonetheless
worth perusing to reinforce learned concepts. The last chapter's a 50-question
sample ISA test. Although these questions were good review, they're not
as complex as the questions you'll see on the real exam. Overall, the
authors have done a good job of covering the ISA Server exam objectives,
which are also neatly summarized in Appendix B.

The Exam Insights section mentions supplementing your study program with
visits to ExamCram.com to receive additional
practice questions, but I didn't find an ISA Server practice exam there,
only a Proxy 2.0 exam. The CD that comes with the book does have 50 exam
practice questions, some of them repeated from the book's sample test.

Exam Cram
I don't understand why the same publisher would produce two books geared
toward helping you pass the same certification exam. I'm even more perplexed
when the publisher commissions two different sets of authors to write
the books-but that's exactly what Coriolis has done with the ISA Serer
Exam Cram and Exam Prep books. Coriolis describes Exam Cram as "(a
book that) gives you information about material you need to know the pass
the tests," while describing Exam Prep as "(a book that) provides a greater
level of detail than the Exam Cram books and (is) are designed to teach
you everything you need to know from an exam perspective."

Although this sounds redundant, there are marked differences in content
coverage between the two books. For example, the Exam Cram book, although
more condensed (376 pages), dedicates two chapters to Windows 2000 forest
design and TCP/IP addressing/subnetting, topics not even touched on by
Exam Prep. At the same time, Exam Cram glosses over concepts covered in
much more detail in the Exam Prep book. For example, when explaining how
to configure ISA Server array listeners, Exam Cram mentions the different
authentication methods but refers you to chapter 10 for detailed explanations
of each of the methods-explanations that are never offered. Exam Prep,
on the other hand, offers a whole chapter on authentication methods. Coriolis
could very easily consolidate the two books into one, letting you decide
which concepts to skim over and which to read in detail.

Each of the Exam Cram chapters introduces you to a series of ISA Server
concepts followed by up to 10 practice questions. At the end of each chapter
is a "Need to Know More?" section that points you to additional reference
material. The end of the book contains a 45-question sample practice exam.

Put to the Test
The two-hour, fifteen minute ISA Server Exam consists of 55 mostly multiple-choice
questions. Most of the questions are long and wordy, and many are ambiguous
and confusing. You're not only tested on ISA Server, but also your knowledge
of Win2K logical structure (domains, sites, Organizational Units), Group
Policy (software distribution), TCP/IP addressing and subnetting (basic
and Classless Internet Domain Routing (CIDR), routing tables), DNS configuration
(recursive queries, record types, configuring Round Robin), Network Load
Balancing, and so on as they relate to ISA Server. If you don't already
have a good grasp of these concepts, you're at a serious disadvantage
when taking this exam.

I only had two minutes to spare after the review session before I ended
the exam. The minimum passing score is 720 and I scored an 800-not the
best score I've ever achieved, but hey, it was a green bar. Did Exam Prep/Cram
help me to achieve this passing score? Yes, they did, along with hours
of hands-on practice and prerequisite knowledge.

Don't Buy Both Books!
So here's the bottom line: to prepare for the ISA Server Exam, the Coriolis
Exam Prep is a good choice. It has comprehensive objective coverage, accurate
technical content, and numerous hands-on practice exercises. Study it
cover to cover while working on a live ISA server or two. You don't need
to purchase Exam Cram as you'll get all the detail you need for ISA Server
configuration from Exam Prep. Coriolis should consider consolidating the
two books into one. ISA Server's a challenging exam, but with the right
combination of hands on and learning resources like Coriolis' Exam Prep,
you can pass.

About the Author

James Carrion, MCM R2 Directory, MCITP, MCSE, MCT, CCNA, CISSP has worked as a computer consultant and technical instructor for the past 16 years. He’s the owner of and principal instructor for MountainView Systems, LLC, which specializes in accelerated Microsoft Certification training.